Microsoft Patches 6 0-Days & 16 RCE Vulnerabilities
November 9, 2022
As part of November’s monthly security rollup updates, Microsoft has patched 6 zero-day vulnerabilities and 16 remote code execution (RCE) vulnerabilities.
Overall, Microsoft has patched 68 vulnerabilities across Windows, Windows Server, Exchange, Hyper-V, Azure, Visual Studio, Office and others.
The Zero-Day Vulnerabilities
- CVE-2022-41128 (CVSS 3.1: 8.8, High Severity) – Windows Scripting Languages Remote Code Execution Vulnerability
- CVE-2022-41091 (CVSS 3.1: 5.4, Medium Severity) – Windows Mark of the Web Security Feature Bypass Vulnerability
- CVE-2022-41073 (CVSS 3.1: 7.8, High Severity) – Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-41125 (CVSS 3.1: 7.8, High Severity) – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- CVE-2022-41040 (CVSS 3.1: 7.9, High Severity) – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-41082 (CVSS 3.1: 8.3, High Severity) – Microsoft Exchange Server Remote Code Execution Vulnerability
For the full list of patched vulnerabilities, including the 16 RCEs, visit Microsoft November 2022 Security Updates.
Mitigation
CYREBRO recommends applying the latest available Microsoft security/monthly rollup updates on all relevant systems as soon as possible.
References: Microsoft November 2022 Security Updates.